|
Messages broadcast via Sigarra |
|
|
UC (Sigarra) |
|
|
Schedule |
|
|
Office hours |
|
|
Lessons' Summaries |
|
|
Groups of students |
|
|
Grades - Lab Work |
|
|
Grades - after Normal exam (1st call) |
|
|
About Exams |
Normal Exam 2022/23 |
|
|
Lectures |
0. Presentation |
|
|
0. Presentation (original) |
|
|
1. Introduction (& review) |
|
|
1.A Intro-annex: CIAA simplified |
|
|
2.1 Cryptography Basics |
|
|
2.2 Cryptography - general protection techniques |
|
|
2.3 Cryptography 2nd level (part 1) |
|
|
2.3 Cryptography 2nd level (part 2) |
|
|
2.3 Cryptography 2nd level (part 2) (original) |
|
|
3. Software Security Components |
|
|
for printing (4 slides per page) |
|
|
Lectures from OWASP |
|
|
4. Software Security |
|
|
For printing (4 slides/page) |
|
|
Some Less Common Software Vulnerabilities |
|
|
Some Simple Vulnerability Demos |
|
|
5. Identity and Authentication Mechanism |
|
|
For printing (4 slides/page) |
|
|
6. Access Control (Authorization) Security Mechanism |
|
|
For printing (4 slides/page bw) |
|
|
7. Web Security |
|
|
Print version (4 per page) |
|
|
OAuth Demo (with Node and Koa) |
OAuth Koa: This demo contains 3 node.js servers illustrating the OAuth protocol in a simplified implementation: the resource server (resource.js), the authorization server, which also handles authentication (authorize.js), and the client application (web app) server (client.js). The servers are implemented using Koa, a simpler Express replacement, with a separate router file for the API implementations and for generating the web pages (mostly in the client server). The pages are generated using Pug templates containing the HTML (and CSS) and parameters for the content. To run: start the three servers in three different command line consoles (>node ....js). From a browser, access the client's home page (http://localhost:9001). Watch the logs that appear on the consoles as you progress through the web pages. |
|
8. Distributed Systems Security |
|
|
Print version (4 per page) |
|
|
Authentication using asymmetric cryptography and biometry |
Demo with a Web Application and an Android Authenticator app, using QR-codes. |
|
Practical Classes |
Docker-intro |
|
|
1. Race-Condition Vulnerability Lab |
|
|
2. Spectre Attack Lab |
|
|
3. Pseudo Random Number Generation Lab |
|
|
4. Padding Oracle Attack Lab |
|
|
5. Hash Length Extension Attack Lab |
|
|
Try Hack Me OWASP Top 10 Vulnerabilities |
You need to create a free account with Try Hack Me |
|
Portswigger Labs |
|
|
6. TLS Lab |
|
|
Lab setup files |
|
|
TLS protocol overview |
|
|
TLS programming and attacking |
|
|
Python TLS wrapper documentation |
|
|
PKI, CAs, and web server certificates |
|
|
GUI tool to generate certificates and keys (and CAs) for Macs or Windows |
|
|
7. Blockchain Reentrancy Attack |
This lab should be executed by all groups. |
|
Lab setup files |
|
|
Blockchain (bitcoin) more information |
|
|
Assignment |
Assignment - Security Project |
15-minute presentation date: May 21 |
|
SEED Security Labs |
SEED Project |
|
|
SEED Labs 2.0 |
|
|
SEED Labs @ GitHub |
|